Do You Know How to Spot A Phish?

Phishing is a method of identity theft which requests confidential information such as usernames, account numbers, passwords, etc. by masquerading as a legitimate, trusted company.  This term typically refers to attempts through email.  However, this same type of attack can occur in person (social engineering) or over the phone (farming).

Phishing emails have become very sophisticated.  It used to be that they were so poorly written that you could just rely on really bad grammar or spelling errors to determine their legitimacy.  That is no longer the case.  The emails can appear to come from trusted addresses and are cleverly designed with graphics, disclaimers, etc.  So how can you determine if an email is legitimate?

SMU and other companies will NEVER ask you to verify your information or provide your account details.

If you receive an email indicating your account will be terminated, or verification is needed, simply delete the email.

If the message is unexpected, think twice before responding.

Several phishing attempts indicate that a recent purchase was made on your account.  The email includes a link for you to log in and view the order, etc.  Don’t be fooled! The link will simply take you to a bogus website where they capture your credentials when you log in!

Double check the URL links before you click.

If you hover the mouse over the hyperlink, the exact path should be displayed.  Review that link closely.  If the address does not match the legitimate company’s URL (such as smu.edu), then do not respond.

When in doubt, ask.

If you receive an email and aren’t sure if it is legitimate, don’t hesitate to ask!  The Help Desk can certainly review the email to determine if it is a phish or if it is legitimate. If the message appears to come from a financial institution, you can call them to verify.  Be sure to use the phone number listed on their website and not any included in the email.

If you happen to provide your account information before realizing it was a phishing attempt, you must react quickly.

  • Change your password right away.
  • If you provided a login or account details for a financial institution, immediately call them using the number on the back of your bank card.

Published by

George Finney

George Finney is the Chief Security Officer at Southern Methodist University. He is responsible for implementing and monitoring a diverse security infrastructure to protect the University network and data.